Abstract

Traditional DNS tunnel detection methods based on load analysis and traffic monitoring have a high false positive rate and cannot effectively respond to new DNS tunnel attacks. To this end, a log-based statistical method is proposed to detect DNS tunnel attacks. Compare and analyse the differences between DNS tunnel attack behaviours and normal DNS parsing behaviour from the perspective of DNS sessions, extract the multi-dimensional features dominated by cache hit ratios, compose DNS session evaluation vectors, and use random forest classification algorithms to construct DNS session evaluation vector detection classifiers A DNS tunnel attack detection model based on characteristic statistical behaviours is established. The actual test results show that this method has a small false positive rate and low false negative rate, and it also has a high detection ability for unknown DNS tunnel attacks.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
New abnormal cervical cell detection method of multi-spectral pap smears
Feng Cao ... Libo Zeng
Wuhan University Journal of Natural Sciences | VOL. 12
Feng Cao, et. al.Feng Cao ... Libo Zeng
01 May 2007
Encrypt DNS Traffic: Automated Feature Learning Method for Detecting DNS Tunnels
Shuai Ding ... Xinhui Du
-
Shuai Ding, et. al.Shuai Ding ... Xinhui Du
01 Sep 2021
The echography of pelvi-ureteric junction obstruction in children
Constantine Metreweli ... Margaret E Furness
Clinical Radiology | VOL. 34
Constantine Metreweli, et. al.Constantine Metreweli ... Margaret E Furness
01 Jan 1982
Influence of Monoenergetic Images at Different Energy Levels in Dual-Energy Spectral CT on the Accuracy of Computer-Aided Detection for Pulmonary Embolism
Guangming Ma ... Chenwang Jin
Academic Radiology | VOL. 26
Guangming Ma, et. al.Guangming Ma ... Chenwang Jin
22 Feb 2019
View more papers

More From: Journal of Physics: Conference Series

Paper Title
Journal
Date
Author
Non-contact fault detection of overhead insulators in distribution networks based on sound and light collaboration
Busheng Luo ... Zhenxin Zhong
Journal of Physics: Conference Series | VOL. 2876
Busheng Luo, et. al.Busheng Luo ... Zhenxin Zhong
01 Nov 2024
Power flow distribution identification via machine learning algorithm and distributed resource clearing method
Su Wang ... Mingxi Tang
Journal of Physics: Conference Series | VOL. 2876
Su Wang, et. al.Su Wang ... Mingxi Tang
01 Nov 2024
Wind Turbine Gearbox Anomaly Detection Using Signal-to-Image Processing Algorithms and Convolutional Autoencoder
S Sheikhi ... D Ghose
Journal of Physics: Conference Series | VOL. 2875
S Sheikhi, et. al.S Sheikhi ... D Ghose
01 Nov 2024
Predictive Modeling of Semi-Submersible Floater Motion Using Bi-LSTM Model
H H Mian ... S Mathew
Journal of Physics: Conference Series | VOL. 2875
H H Mian, et. al.H H Mian ... S Mathew
01 Nov 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.